Hello,
I sent this to the ipv6_(_at_)_openbsd list yesterday, but seeing how low the
traffic is, I'm guessing that it's nearly dead. I hope it's not too
inappropriate for me to report on this list.
I have a IPv6-in-IPv4 tunnel to the 6Bone. My side of the tunnel is an
OpenBSD (2.9-stable) box. This tunnel is gif0. I have another tunnel
for internal network use (gif1) and a directly attached IPv6 network
(off xl0, the tunnels are off dc0).
My problem is exactly the same as Rob Mooney's from 2001.03.09
(http://www.sigmasoft.com/~openbsd/archive/openbsd-ipv6/200103/msg00000.html)
-- I can filter IPv4 just fine, but I cannot filter on IPv6 content. If
I put IPv6 filters (ipf -6) on dc0, then they just get ignored.
Tcpdump-ing on the gif interfaces just shows outgoing traffic. Heck,
even blocking all IPv6 traffic out of xl0 gets ignored:
[root_(_at_)_foo6 12:09:25 /root]# ipfstat -6ho
0 block out log from any to any
0 block out on xl0 from any to any
My IPv4 filters allow ICMP protocol 0x29 (41) in, but I cannot figure
out how to filter any IPv6.
Would someone please help me? Getting filtering up is necessary for
this project and I _really_ want to keep using OpenBSD.
Thanks,
pete
--
Pete Toscano pete_(_at_)_research_(_dot_)_netsol_(_dot_)_com 703.948.3364